SSL/TLS Strong Encryption: Compatibility

All PCs are compatible. But some of
them are more compatible than others.

-- Unknown

Here we talk about backward compatibility to other SSL solutions. As you
perhaps know, mod_ssl is not the only existing SSL solution for Apache.
Actually there are four additional major products available on the market: Ben
Laurie's freely available Apache-SSL
(from where mod_ssl were originally derived in 1998), Red Hat's commercial Secure Web
Server (which is based on mod_ssl), Covalent's commercial Raven SSL Module (also based on mod_ssl)
and finally C2Net's commercial product Stronghold (based on a
different evolution branch named Sioux up to Stronghold 2.x and based on
mod_ssl since Stronghold 3.x).

The idea in mod_ssl is mainly the following: because mod_ssl provides mostly a
superset of the functionality of all other solutions we can easily provide
backward compatibility for most of the cases. Actually there are three
compatibility areas we currently address: configuration directives,
environment variables and custom log functions.

For backward compatibility to the configuration directives of other SSL
solutions we do an on-the-fly mapping: directives which have a direct
counterpart in mod_ssl are mapped silently while other directives lead to a
warning message in the logfiles. The currently implemented directive mapping
is listed in Table 1. Currently full backward
compatibility is provided only for Apache-SSL 1.x and mod_ssl 2.0.x.
Compatibility to Sioux 1.x and Stronghold 2.x is only partial because of
special functionality in these interfaces which mod_ssl (still) doesn't
provide.

When you use ``SSLOptions +CompatEnvVars'' additional environment
variables are generated. They all correspond to existing official mod_ssl
variables. The currently implemented variable derivation is listed in Table 2.

When mod_ssl is built into Apache or at least loaded (under DSO situation)
additional functions exist for the Custom Log Format of
mod_log_config as documented in the Reference
Chapter. Beside the ``%{varname}x''
eXtension format function which can be used to expand any variables provided
by any module, an additional Cryptography
``%{name}c'' cryptography format function
exists for backward compatibility. The currently implemented function calls
are listed in Table 3.